Описание
Duplicate Advisory: Keycloak DoS via account lockout
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cq42-vhv7-xr7p. This link is maintained to preserve external references.
Original Description
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
Пакеты
Наименование
org.keycloak:keycloak-core
maven
Затронутые версииВерсия исправления
<= 23.0.5
24.0.0
3.7 Low
CVSS3
Дефекты
CWE-645
3.7 Low
CVSS3
Дефекты
CWE-645